pyroute2
DNS resolution inside network namespace
Hello,
I have been using pyroute2 to create and use network namespaces and I ran into a difference between the behavior of pyroute2 compared to the behavior of ip-netns in Linux.
To cite the man page of ip-netns: https://man7.org/linux/man-pages/man8/ip-netns.8.html
For applications that are aware of network namespaces, the convention is to look for global network configuration files first in /etc/netns/NAME/ then in /etc/. For example, if you want a different version of /etc/resolv.conf for a network namespace used to isolate your vpn you would name it /etc/netns/myvpn/resolv.conf.
ip netns exec automates handling of this configuration, file convention for network namespace unaware applications, by creating a mount namespace and bind mounting all of the per network namespace configure files into their traditional location in /etc.
The difference in pyroute2 is that this handling of /etc/netns/<namespace>/resolv.conf is not done when you use setns, which I thought at first was matching the Linux command ip netns exec.
I would be happy to make a Pull Request to try and implement that handling in netns.setns(), or in a dedicated function, to allow "network namespace unaware applications" to have independent DNS resolution when they are moved to a network namespace using pyroute2.
ip netns exec in comparison creates a new mount namespace to bind mount /etc/netns/<namespace>/resolv.conf onto /etc/resolv.conf, making every "network namespace unaware applications" actually look into the right netns independent resolv.conf file when they look into the default /etc/resolv.conf for DNS resolution.
I wanted to open an issue first, to get your point of view on the subject.
I believe that it would be reasonable to align the behavior with the common one. So yes, I think it's a good idea to use a separate resolv.conf in the namespace, if the file exists.
PR is more than welcome, thanks.
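A sketch of the behaviour discussed in this thread, added here as an example; it is not code from the thread or from pyroute2. The helper names plan_bind_mounts and setns_with_etc are hypothetical, it covers only the /etc bind mounts, and skipping entries that have no existing target in /etc is a choice made for this example.

```python
import ctypes
import os

CLONE_NEWNS = 0x00020000  # unshare(2): new mount namespace
MS_BIND = 4096            # mount(2): bind mount
MS_REC = 16384            # mount(2): apply recursively
MS_SLAVE = 1 << 19        # mount(2): receive propagation, send none


def plan_bind_mounts(name, netns_etc="/etc/netns", etc="/etc"):
    """Return sorted (source, target) pairs for per-namespace config files."""
    # Accept plain names only, so the name cannot escape netns_etc.
    if not name or "/" in name or name in (".", ".."):
        raise ValueError("invalid namespace name: %r" % (name,))
    src_dir = os.path.join(netns_etc, name)
    if not os.path.isdir(src_dir):
        return []  # no per-namespace configuration: keep the global files
    pairs = []
    for entry in sorted(os.listdir(src_dir)):
        target = os.path.join(etc, entry)
        # mount(2) needs an existing target; skip entries that have none.
        if os.path.lexists(target):
            pairs.append((os.path.join(src_dir, entry), target))
    return pairs


def _check(ret, what):
    if ret != 0:
        err = ctypes.get_errno()
        raise OSError(err, "%s: %s" % (what, os.strerror(err)))


def setns_with_etc(name):
    """Enter netns `name`, then bind its config files over /etc (needs root)."""
    from pyroute2 import netns  # imported here so planning works without it
    libc = ctypes.CDLL(None, use_errno=True)
    libc.mount.argtypes = [ctypes.c_char_p, ctypes.c_char_p, ctypes.c_char_p,
                           ctypes.c_ulong, ctypes.c_void_p]
    pairs = plan_bind_mounts(name)
    netns.setns(name)
    if not pairs:
        return pairs
    _check(libc.unshare(CLONE_NEWNS), "unshare(CLONE_NEWNS)")
    # Keep the bind mounts from propagating back to the host mount namespace.
    _check(libc.mount(b"", b"/", b"none", MS_SLAVE | MS_REC, None), "rslave /")
    for src, dst in pairs:
        _check(libc.mount(os.fsencode(src), os.fsencode(dst), b"none",
                          MS_BIND, None), "bind mount %s" % src)
    return pairs
```

Call setns_with_etc in a child process before it execs the target program: the private mount namespace stays in effect for the caller even if it later switches its network namespace back.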